NASA-logoA number of compliance thought leaders have written about the importance of good people to an effective compliance program. Programs just don’t work without the right talent. Smart compliance leaders get that. Once companies figure out the people piece (which is not easy), evaluating the risk environment and regulatory requirements helps companies develop programs to address those areas across different subject matters and business units.
Regulatory guidance tells companies to perform risk assessments—focusing on root cause analysis and steps to mitigate risks—but does not provide a government-endorsed road map for how to do it. For instance, the Department of Justice’s evaluation of corporate compliance programs (evaluation guidance) sets forth eleven sample topics and questions that the fraud section may consider in evaluating a corporate compliance program. The fifth topic is risk assessment, which includes questions regarding the company’s risk management process/methodology, use of information or metrics, and how the process accounts for manifested risks. You get the what and why, but not the how. But you really…
